Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7680 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: 0603207308448AD82DC3D1FC17923DDB) - service123.exe (PID: 7180 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\servic e123.exe" MD5: 4D55689820C303548CBA9CFA9F2BF3CB) - schtasks.exe (PID: 7264 cmdline:
"C:\Window s\System32 \schtasks. exe" /crea te /tn "Se rviceData4 " /tr "C:\ Users\user \AppData\L ocal\Temp\ /service12 3.exe" /st 00:01 /du 9800:59 / sc once /r i 1 /f MD5: 48C2FE20575769DE916F48EF0676A965) - conhost.exe (PID: 7276 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- service123.exe (PID: 4620 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\/servic e123.exe MD5: 4D55689820C303548CBA9CFA9F2BF3CB)
- service123.exe (PID: 5836 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\/servic e123.exe MD5: 4D55689820C303548CBA9CFA9F2BF3CB)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CryptBot | A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. | No Attribution |
{"C2 list": ["sevtvh17pt.top", "analforeverlovyu.top"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security | ||
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T01:02:37.719946+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.10 | 49706 | 37.9.4.189 | 80 | TCP |
2024-09-29T01:02:41.186134+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.10 | 49708 | 37.9.4.189 | 80 | TCP |
2024-09-29T01:02:46.011222+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.10 | 49712 | 37.9.4.189 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Code function: | 5_2_007915B0 | |
Source: | Code function: | 5_2_6C9D14B0 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 5_2_007981E0 | |
Source: | Code function: | 5_2_6CA4AEC0 | |
Source: | Code function: | 5_2_6CA4AF70 | |
Source: | Code function: | 5_2_6CA4AF70 | |
Source: | Code function: | 5_2_6C9F0860 | |
Source: | Code function: | 5_2_6C9FA9E0 | |
Source: | Code function: | 5_2_6C9FA9E0 | |
Source: | Code function: | 5_2_6C9FA970 | |
Source: | Code function: | 5_2_6C9EEB10 | |
Source: | Code function: | 5_2_6CA784A0 | |
Source: | Code function: | 5_2_6C9F4453 | |
Source: | Code function: | 5_2_6C9FA580 | |
Source: | Code function: | 5_2_6C9FA5F0 | |
Source: | Code function: | 5_2_6C9FA5F0 | |
Source: | Code function: | 5_2_6C9FC510 | |
Source: | Code function: | 5_2_6C9FE6E0 | |
Source: | Code function: | 5_2_6C9FE6E0 | |
Source: | Code function: | 5_2_6CA70730 | |
Source: | Code function: | 5_2_6C9F0740 | |
Source: | Code function: | 5_2_6CA4C040 | |
Source: | Code function: | 5_2_6CA4C1A0 | |
Source: | Code function: | 5_2_6CA2A1E0 | |
Source: | Code function: | 5_2_6C9F0260 | |
Source: | Code function: | 5_2_6CAA4360 | |
Source: | Code function: | 5_2_6CA4BD10 | |
Source: | Code function: | 5_2_6CA47D10 | |
Source: | Code function: | 5_2_6CA43840 | |
Source: | Code function: | 5_2_6C9FD974 | |
Source: | Code function: | 5_2_6CA0BBD7 | |
Source: | Code function: | 5_2_6CA0BBDB | |
Source: | Code function: | 5_2_6CA29B60 | |
Source: | Code function: | 5_2_6CA4B4D0 | |
Source: | Code function: | 5_2_6C9FD504 | |
Source: | Code function: | 5_2_6CA43690 | |
Source: | Code function: | 5_2_6CA49600 | |
Source: | Code function: | 5_2_6C9FD674 | |
Source: | Code function: | 5_2_6C9FD7F4 | |
Source: | Code function: | 5_2_6C9EB1D0 | |
Source: | Code function: | 5_2_6CA73140 | |
Source: | Code function: | 5_2_6C9FD2A0 | |
Source: | Code function: | 5_2_6CA67350 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 5_2_6C9E9C22 |
Source: | Code function: | 5_2_6C9E9C22 | |
Source: | Code function: | 5_2_6C9E9D11 |
Source: | Code function: | 5_2_6C9E9E27 |
System Summary |
---|
Source: | File dump: | Jump to dropped file |
Source: | Code function: | 5_2_007951B0 | |
Source: | Code function: | 5_2_00793E20 | |
Source: | Code function: | 5_2_6CA12CCE | |
Source: | Code function: | 5_2_6C9DCD00 | |
Source: | Code function: | 5_2_6C9DEE50 | |
Source: | Code function: | 5_2_6C9E0FC0 | |
Source: | Code function: | 5_2_6CA20AC0 | |
Source: | Code function: | 5_2_6C9E44F0 | |
Source: | Code function: | 5_2_6CA146E0 | |
Source: | Code function: | 5_2_6CA087C0 | |
Source: | Code function: | 5_2_6CA107D0 | |
Source: | Code function: | 5_2_6CA12090 | |
Source: | Code function: | 5_2_6CA20060 | |
Source: | Code function: | 5_2_6CA02360 | |
Source: | Code function: | 5_2_6CA2DC70 | |
Source: | Code function: | 5_2_6C9E5880 | |
Source: | Code function: | 5_2_6CA098F0 | |
Source: | Code function: | 5_2_6CA17A20 | |
Source: | Code function: | 5_2_6CA1DBEE | |
Source: | Code function: | 5_2_6CA1140E | |
Source: | Code function: | 5_2_6CA21510 | |
Source: | Code function: | 5_2_6CA1F610 | |
Source: | Code function: | 5_2_6C9FF760 | |
Source: | Code function: | 5_2_6C9E70C0 | |
Source: | Code function: | 5_2_6CA950D0 | |
Source: | Code function: | 5_2_6C9D3000 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 5_2_00798230 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 5_2_0079A694 | |
Source: | Code function: | 5_2_6CA80DAA | |
Source: | Code function: | 5_2_6CA4EE33 | |
Source: | Code function: | 5_2_6CA24E45 | |
Source: | Code function: | 5_2_6CA18E8E | |
Source: | Code function: | 5_2_6CA1A95B | |
Source: | Code function: | 5_2_6CA20AB6 | |
Source: | Code function: | 5_2_6CA3909F | |
Source: | Code function: | 5_2_6CA22AC0 | |
Source: | Code function: | 5_2_6CA4EBDB | |
Source: | Code function: | 5_2_6CA52F24 | |
Source: | Code function: | 5_2_6CA52F43 | |
Source: | Code function: | 5_2_6CA104A1 | |
Source: | Code function: | 5_2_6CA106DA | |
Source: | Code function: | 5_2_6CA18449 | |
Source: | Code function: | 5_2_6CA38A5F | |
Source: | Code function: | 5_2_6CA1A5BB | |
Source: | Code function: | 5_2_6CAA6622 | |
Source: | Code function: | 5_2_6CAA6622 | |
Source: | Code function: | 5_2_6CA106DA | |
Source: | Code function: | 5_2_6CA286A9 | |
Source: | Code function: | 5_2_6CA106DA | |
Source: | Code function: | 5_2_6CA60A4F | |
Source: | Code function: | 5_2_6CA16707 | |
Source: | Code function: | 5_2_6CA106DA | |
Source: | Code function: | 5_2_6CA52954 | |
Source: | Code function: | 5_2_6CA52973 | |
Source: | Code function: | 5_2_6CA106DA | |
Source: | Code function: | 5_2_6CA1A78B | |
Source: | Code function: | 5_2_6CAA6AF6 | |
Source: | Code function: | 5_2_6CAA6B36 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_5-158532 |
Source: | Stalling execution: | graph_5-158533 |
Source: | Registry key queried: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 5_2_00798230 |
Source: | Code function: | 5_2_0079116C | |
Source: | Code function: | 5_2_00791160 | |
Source: | Code function: | 5_2_007911A3 | |
Source: | Code function: | 5_2_007913C9 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 5_2_6CA584D0 |
Source: | Registry key value queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Native API | 1 DLL Side-Loading | 1 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 112 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | ReversingLabs | Win32.Trojan.Dacic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sevtvh17pt.top | 37.9.4.189 | true | true | unknown | |
198.187.3.20.in-addr.arpa | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
true | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
37.9.4.189 | sevtvh17pt.top | Russian Federation | 49505 | SELECTELRU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1521603 |
Start date and time: | 2024-09-29 01:01:33 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@8/2@2/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target file.exe, PID 7680 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
01:03:29 | Task Scheduler | |
19:02:37 | API Interceptor | |
19:04:01 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37.9.4.189 | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| |
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SELECTELRU | Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz | Browse |
| |
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer | Browse |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 315803136 |
Entropy (8bit): | 0.05436916105421156 |
Encrypted: | false |
SSDEEP: | 24576:DjMXwB2/vtTwIj/SMdLcgUhTwpzbUkWrn3NDfcHVSyn8W8xlfVE:SEw13WrnpfaVYxlfVE |
MD5: | 6E1E9F37E2B7BE5FBAC02CD852F3E8F9 |
SHA1: | 5C67A906E12EC0CE68BB2008AA0BF4601713384C |
SHA-256: | A506724EE1748D3C0BACE90A2AA61EA3375E0DE9ECAB7330CD8A4F1BF704004D |
SHA-512: | 5BBA32ACD38A67C27CAB80A53E12726BA72FFAD39BA9B82F28372AD56C345BA8E71559738BE1B093E2CBDBD7AA38B5E6E656095E777FC1F983E0D1570E26AA93 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 314617856 |
Entropy (8bit): | 0.002340594165386923 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4D55689820C303548CBA9CFA9F2BF3CB |
SHA1: | 9E362CACAF1936926BD7A60A6B1E377CBE290ABD |
SHA-256: | FE9D2ED7E50F2C1712E58ABDE7718ADC894E3E8D7AC9E2C4C2CD82A4257A9383 |
SHA-512: | 6B6B9A08AA74675E138030BE71C94CEC18725647388E354FDB5F88B223B3BE3433BBB6B25A11AB7499EACBFB49B2A29AE435E3A4F6293BA54E1464E41307706E |
Malicious: | true |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 2.7922501078429534 |
TrID: |
|
File name: | file.exe |
File size: | 9'994'752 bytes |
MD5: | 0603207308448ad82dc3d1fc17923ddb |
SHA1: | 9c4f8f3e35d6404e22b50b7f1a0641a1b4195d94 |
SHA256: | 0fb82d8a8edd32ba4f80b129b228c9e74871f55f970b44c75af5aa4572b1b582 |
SHA512: | 50595287ba90421dbb6fc612b69d2a2bffdad54ff79b04c50a05ea414af4e7deeb7101fb1b0638257cb28d3627ef8258e7cb039178b6d504d922774e91f95ba5 |
SSDEEP: | 49152:bDyQaXzVDlZO+jPtICKFgYvB+um+uWXHAEUk9Nd1aKXTjTgwpZp5m2GyP/UscElJ:iQQZDlBPtTY |
TLSH: | 04A6D462DD8781FEE5931DB9A016B37F2634EB05881DCA78DF80DBD1DB31A78D4AA011 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f...............(.N,..~...............`,...@.................................DG....@... ......................p..B.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4014a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x66F7D8B8 [Sat Sep 28 10:21:44 2024 UTC] |
TLS Callbacks: | 0x401800, 0x4017b0 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 208ad2c8c137e3d4c33022e4bb87e9bb |
Instruction |
---|
mov dword ptr [00D46070h], 00000001h |
jmp 00007F3D58C539C6h |
nop |
mov dword ptr [00D46070h], 00000000h |
jmp 00007F3D58C539B6h |
nop |
sub esp, 1Ch |
mov eax, dword ptr [esp+20h] |
mov dword ptr [esp], eax |
call 00007F3D58C620C6h |
cmp eax, 01h |
sbb eax, eax |
add esp, 1Ch |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
push ebp |
mov ebp, esp |
push edi |
push esi |
push ebx |
sub esp, 1Ch |
mov dword ptr [esp], 00D38000h |
call dword ptr [00D4822Ch] |
sub esp, 04h |
test eax, eax |
je 00007F3D58C53D85h |
mov ebx, eax |
mov dword ptr [esp], 00D38000h |
call dword ptr [00D4824Ch] |
mov edi, dword ptr [00D48234h] |
sub esp, 04h |
mov dword ptr [00D46028h], eax |
mov dword ptr [esp+04h], 00D38013h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov esi, eax |
mov dword ptr [esp+04h], 00D38029h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov dword ptr [006C6004h], eax |
test esi, esi |
je 00007F3D58C53D23h |
mov dword ptr [esp+04h], 00D4602Ch |
mov dword ptr [esp], 00D43104h |
call esi |
mov dword ptr [esp], 00401580h |
call 00007F3D58C53C73h |
lea esp, dword ptr [ebp-0Ch] |
pop ebx |
pop esi |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x947000 | 0x42 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x948000 | 0xa98 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94b000 | 0x44444 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x941124 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x94820c | 0x1a8 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2c4d18 | 0x2c4e00 | d5af9fb1c9883282b69a561117a5832f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2c6000 | 0x671024 | 0x671200 | 4820710f431eaf7d900fecb9b6c08806 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x938000 | 0xa254 | 0xa400 | e27277dfb488383ba76fda11628323da | False | 0.37964462652439024 | data | 4.46559492219033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.eh_fram | 0x943000 | 0x21d8 | 0x2200 | 7733f6381e3f3feec6f8733c390ec463 | False | 0.3254825367647059 | data | 4.871924170185062 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bss | 0x946000 | 0xb74 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x947000 | 0x42 | 0x200 | 8eec2f6f3f5dcedfd5bb51464e6a7e67 | False | 0.123046875 | data | 0.7272198426899718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.idata | 0x948000 | 0xa98 | 0xc00 | a4ddc7dee7c4c1ac11db7e0a2a7001dd | False | 0.3828125 | data | 4.842301882278895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x949000 | 0x30 | 0x200 | 947565758601e59a9e2e145caaaaefe2 | False | 0.064453125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x94a000 | 0x8 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x94b000 | 0x44444 | 0x44600 | 4716987d16ed5927610525c91e1ae875 | False | 0.16826154021937842 | data | 6.7566311254176545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
ADVAPI32.dll | CryptAcquireContextA, CryptGenRandom, CryptReleaseContext |
KERNEL32.dll | DeleteCriticalSection, EnterCriticalSection, FreeLibrary, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoA, GetTempPathA, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, MultiByteToWideChar, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WideCharToMultiByte, lstrlenA |
msvcrt.dll | __getmainargs, __initenv, __mb_cur_max, __p__acmdln, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _assert, _cexit, _errno, _chsize, _exit, _filelengthi64, _fileno, _initterm, _iob, _lock, _onexit, _unlock, abort, atoi, calloc, exit, fclose, fflush, fgetpos, fopen, fputc, fread, free, freopen, fsetpos, fwrite, getc, islower, isspace, isupper, isxdigit, localeconv, malloc, memcmp, memcpy, memmove, memset, mktime, localtime, difftime, _mkdir, perror, puts, realloc, remove, setlocale, signal, strchr, strcmp, strerror, strlen, strncmp, strncpy, strtol, strtoul, tolower, ungetc, vfprintf, time, wcslen, wcstombs, _stat, _write, _utime, _open, _fileno, _close, _chmod |
SHELL32.dll | ShellExecuteA |
Name | Ordinal | Address |
---|---|---|
main | 1 | 0x5b13b0 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T01:02:37.719946+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.10 | 49706 | 37.9.4.189 | 80 | TCP |
2024-09-29T01:02:41.186134+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.10 | 49708 | 37.9.4.189 | 80 | TCP |
2024-09-29T01:02:46.011222+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.10 | 49712 | 37.9.4.189 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 01:02:37.022218943 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.027188063 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:37.027285099 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.027477980 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.027498960 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.032263994 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:37.032275915 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:37.719841003 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:37.719867945 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:37.719945908 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.720016003 CEST | 49706 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:37.725172043 CEST | 80 | 49706 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.126949072 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.132054090 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.132133007 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.132430077 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.132534981 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137686968 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137705088 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137736082 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137737036 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137773037 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137774944 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137800932 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137805939 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137814045 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137820959 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137826920 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137840986 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137845039 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137852907 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137866974 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137867928 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.137887955 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137902021 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.137924910 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142653942 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142710924 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142718077 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142730951 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142762899 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142772913 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142776012 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142788887 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142802954 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.142818928 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142834902 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.142858982 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.185957909 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.186134100 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.234066963 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.234185934 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:41.282026052 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:41.601428986 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:42.053395987 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:42.053594112 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:42.053672075 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:42.053740025 CEST | 49708 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:42.059708118 CEST | 80 | 49708 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.205534935 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.210438967 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.210551023 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.210664988 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.210787058 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.215493917 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215513945 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215585947 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.215610981 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215620995 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215672970 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215677977 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.215682983 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215692043 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215699911 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215715885 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215724945 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.215739012 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.215783119 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:45.220478058 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.220520973 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.220575094 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.220583916 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.220632076 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.220649004 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:45.261970043 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:46.011080027 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:46.011156082 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Sep 29, 2024 01:02:46.011221886 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:46.011317015 CEST | 49712 | 80 | 192.168.2.10 | 37.9.4.189 |
Sep 29, 2024 01:02:46.016169071 CEST | 80 | 49712 | 37.9.4.189 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 01:02:36.595330000 CEST | 57587 | 53 | 192.168.2.10 | 1.1.1.1 |
Sep 29, 2024 01:02:37.016463041 CEST | 53 | 57587 | 1.1.1.1 | 192.168.2.10 |
Sep 29, 2024 01:02:56.785845995 CEST | 53 | 65401 | 162.159.36.2 | 192.168.2.10 |
Sep 29, 2024 01:02:57.246984005 CEST | 64081 | 53 | 192.168.2.10 | 1.1.1.1 |
Sep 29, 2024 01:02:57.254136086 CEST | 53 | 64081 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 29, 2024 01:02:36.595330000 CEST | 192.168.2.10 | 1.1.1.1 | 0xce96 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 29, 2024 01:02:57.246984005 CEST | 192.168.2.10 | 1.1.1.1 | 0xbc11 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 29, 2024 01:02:37.016463041 CEST | 1.1.1.1 | 192.168.2.10 | 0xce96 | No error (0) | 37.9.4.189 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 01:02:57.254136086 CEST | 1.1.1.1 | 192.168.2.10 | 0xbc11 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49706 | 37.9.4.189 | 80 | 7680 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 01:02:37.027477980 CEST | 333 | OUT | |
Sep 29, 2024 01:02:37.027498960 CEST | 413 | OUT | |
Sep 29, 2024 01:02:37.719841003 CEST | 209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49708 | 37.9.4.189 | 80 | 7680 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 01:02:41.132430077 CEST | 335 | OUT | |
Sep 29, 2024 01:02:41.132534981 CEST | 11124 | OUT | |
Sep 29, 2024 01:02:41.137737036 CEST | 1236 | OUT | |
Sep 29, 2024 01:02:41.137773037 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137805939 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137820959 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137845039 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137866974 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137887955 CEST | 4944 | OUT | |
Sep 29, 2024 01:02:41.137902021 CEST | 2472 | OUT | |
Sep 29, 2024 01:02:41.137924910 CEST | 1236 | OUT | |
Sep 29, 2024 01:02:42.053395987 CEST | 209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49712 | 37.9.4.189 | 80 | 7680 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 01:02:45.210664988 CEST | 335 | OUT | |
Sep 29, 2024 01:02:45.210787058 CEST | 11124 | OUT | |
Sep 29, 2024 01:02:45.215585947 CEST | 3708 | OUT | |
Sep 29, 2024 01:02:45.215677977 CEST | 4944 | OUT | |
Sep 29, 2024 01:02:45.215739012 CEST | 9888 | OUT | |
Sep 29, 2024 01:02:45.215783119 CEST | 376 | OUT | |
Sep 29, 2024 01:02:46.011080027 CEST | 209 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 19:02:27 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7f0000 |
File size: | 9'994'752 bytes |
MD5 hash: | 0603207308448AD82DC3D1FC17923DDB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 5 |
Start time: | 19:03:27 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 314'617'856 bytes |
MD5 hash: | 4D55689820C303548CBA9CFA9F2BF3CB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 6 |
Start time: | 19:03:28 |
Start date: | 28/09/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x430000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 19:03:28 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff620390000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 19:03:30 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 314'617'856 bytes |
MD5 hash: | 4D55689820C303548CBA9CFA9F2BF3CB |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 19:04:02 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 314'617'856 bytes |
MD5 hash: | 4D55689820C303548CBA9CFA9F2BF3CB |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 50.4% |
Total number of Nodes: | 125 |
Total number of Limit Nodes: | 4 |
Graph
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9C22 Relevance: 15.1, APIs: 10, Instructions: 110sleepclipboardCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007981E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 87libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00798230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9B70 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32sleepsynchronizationclipboardCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00791296 Relevance: 5.1, APIs: 4, Instructions: 80stringCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007913BB Relevance: 5.1, APIs: 4, Instructions: 66stringCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EB3F0 Relevance: 1.4, APIs: 1, Instructions: 144COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EB560 Relevance: 1.3, APIs: 1, Instructions: 95COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E0FC0 Relevance: 22.6, APIs: 8, Strings: 4, Instructions: 1647stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA584D0 Relevance: 17.7, Strings: 14, Instructions: 166COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DEE50 Relevance: 12.5, APIs: 8, Instructions: 494COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FE6E0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 219stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9D11 Relevance: 12.0, APIs: 8, Instructions: 46clipboardmemorystringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F0860 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E70C0 Relevance: 9.6, APIs: 6, Instructions: 649COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00793E20 Relevance: 5.4, Strings: 4, Instructions: 351COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E44F0 Relevance: 5.4, Strings: 4, Instructions: 351COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FC510 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F0740 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA146E0 Relevance: 2.1, APIs: 1, Instructions: 873COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA12CCE Relevance: 2.1, APIs: 1, Instructions: 811COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA1140E Relevance: 2.1, APIs: 1, Instructions: 811COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA12090 Relevance: 2.0, APIs: 1, Instructions: 790COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA107D0 Relevance: 2.0, APIs: 1, Instructions: 789COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FF760 Relevance: 2.0, APIs: 1, Instructions: 770stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA17A20 Relevance: 1.9, APIs: 1, Instructions: 678COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA02360 Relevance: 1.6, APIs: 1, Instructions: 357COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA2DC70 Relevance: 1.6, APIs: 1, Instructions: 328COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA29B60 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EEB10 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F0260 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA1DBEE Relevance: .8, Instructions: 838COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA21510 Relevance: .7, Instructions: 684COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA20060 Relevance: .7, Instructions: 683COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA20AC0 Relevance: .7, Instructions: 674COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA1F610 Relevance: .7, Instructions: 671COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F4453 Relevance: .5, Instructions: 465COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D3000 Relevance: .4, Instructions: 356COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA950D0 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4AF70 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA67350 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4C1A0 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA0BBD7 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA49600 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FD2A0 Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA47D10 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA0BBDB Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4AEC0 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4BD10 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4B4D0 Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4C040 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA784A0 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FD504 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CAA4360 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA2A1E0 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FD974 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FD674 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FD7F4 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EB1D0 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D2290 Relevance: 42.4, APIs: 28, Instructions: 354COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DB7A0 Relevance: 42.2, APIs: 28, Instructions: 162COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D28FA Relevance: 42.1, APIs: 28, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D2A2F Relevance: 42.1, APIs: 28, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D29F0 Relevance: 42.1, APIs: 28, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D28BB Relevance: 42.1, APIs: 28, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D2A6E Relevance: 42.1, APIs: 28, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D2B13 Relevance: 42.1, APIs: 28, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D29B1 Relevance: 42.1, APIs: 28, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D2AAD Relevance: 42.1, APIs: 28, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DB930 Relevance: 40.6, APIs: 27, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBFCC Relevance: 39.1, APIs: 26, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBEE7 Relevance: 37.6, APIs: 25, Instructions: 83COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBC1B Relevance: 37.6, APIs: 25, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBE00 Relevance: 37.5, APIs: 25, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBE70 Relevance: 37.5, APIs: 25, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBDC7 Relevance: 37.5, APIs: 25, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBE98 Relevance: 37.5, APIs: 25, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DBDE8 Relevance: 37.5, APIs: 25, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DC150 Relevance: 36.3, APIs: 24, Instructions: 284COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DC470 Relevance: 33.2, APIs: 22, Instructions: 152COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DD570 Relevance: 28.6, APIs: 19, Instructions: 116COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DD67C Relevance: 28.5, APIs: 19, Instructions: 32COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DD6C0 Relevance: 27.1, APIs: 18, Instructions: 138COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DD855 Relevance: 25.5, APIs: 17, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EC330 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 130fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DD8A8 Relevance: 24.1, APIs: 16, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DDA90 Relevance: 22.6, APIs: 15, Instructions: 136COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DDCE0 Relevance: 21.1, APIs: 14, Instructions: 74COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DDD80 Relevance: 19.6, APIs: 13, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E0310 Relevance: 18.2, APIs: 12, Instructions: 165COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00791940 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 129fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DA690 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 129fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE0A0 Relevance: 16.6, APIs: 11, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE570 Relevance: 15.1, APIs: 10, Instructions: 145COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE59B Relevance: 15.1, APIs: 10, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE714 Relevance: 15.0, APIs: 10, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9249 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 31libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DFEE0 Relevance: 13.7, APIs: 9, Instructions: 186synchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE760 Relevance: 13.6, APIs: 9, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007914E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D13E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F73C0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 237stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE800 Relevance: 12.1, APIs: 8, Instructions: 89COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00791E70 Relevance: 12.1, APIs: 8, Instructions: 84COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FB810 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F7710 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 211stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE8E0 Relevance: 10.7, APIs: 7, Instructions: 183COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DE340 Relevance: 10.6, APIs: 7, Instructions: 126synchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E01F0 Relevance: 10.6, APIs: 7, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00798120 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9171 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DEA9B Relevance: 10.5, APIs: 7, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA74AE0 Relevance: 10.2, APIs: 8, Instructions: 158COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA70970 Relevance: 10.2, APIs: 8, Instructions: 150COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DEB70 Relevance: 9.2, APIs: 6, Instructions: 203COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EB060 Relevance: 9.1, APIs: 6, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D1020 Relevance: 9.1, APIs: 6, Instructions: 100sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F1F00 Relevance: 9.0, APIs: 6, Instructions: 50stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F1C50 Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DED31 Relevance: 9.0, APIs: 6, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EE0D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D9490 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 375stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA4D810 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 153stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DF840 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA98520 Relevance: 7.6, APIs: 5, Instructions: 64stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9530 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E0290 Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007980D8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9128 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9293 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DA340 Relevance: 6.3, APIs: 5, Instructions: 98stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CAA0F90 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 283stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FE980 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 127stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9FE581 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 115stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00797C40 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E9660 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DF511 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DF6B0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9D55A8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 64stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00791001 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA49F70 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA65DB0 Relevance: 5.4, APIs: 4, Instructions: 369stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA655D0 Relevance: 5.4, APIs: 4, Instructions: 369stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA64DD0 Relevance: 5.4, APIs: 4, Instructions: 352stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6CA645D0 Relevance: 5.4, APIs: 4, Instructions: 352stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9EE1F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9F77B1 Relevance: 5.1, APIs: 4, Instructions: 128stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00796B60 Relevance: 5.1, APIs: 4, Instructions: 53sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9E8080 Relevance: 5.1, APIs: 4, Instructions: 53sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00792000 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C9DAB50 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|